Avast introduced free decryptors for AtomSilo, Babuk and LockFile ransomware
Avast introduced free decryptors to recover files previously encrypted by AtomSilo, Babuk and LockFile malware.
The same decryptor is recommended for both AtomSilo and LockFile. The researchers explain that these ransomware strains are very similar to each other, so it was possible to create a single tool for them.
The company emphasizes that the decryptor may not be able to cope with files in unknown and proprietary formats, or with files that have no extension at all.
Reportedly, the specialists managed to crack the malware using information received from the researcher RE-CERT. In the middle of this month, he wrote on Twitter that he had found a way to crack AtomSilo and had even created his own decryptor as a proof of concept.
A tool for decrypting data after Babuk ransomware attacks was presented separately. Avast experts write that they were able to develop this tool using the malware source code, which was published on a Russian-language hacking forum in early September.
On Twitter, experts write that the source code contained keys to decrypt data for past victims of the ransomware.
However, the decryptor will only work for past Babuk victims who still have files encrypted with the .babuk, .babyk and .doydo extensions.
To decrypt your files, please follow these steps:
- Download the free decryptor. The single EXE file covers both ransomware strains.
- Simply run the EXE. It starts in the form of a wizard, which leads you through the configuration of the decryption process.
- On the initial page, you can see a list of credits. Simply click “Next”.
- On the next page, select the list of locations which you want to be decrypted. By default, it contains a list of all local drives.
- On the third page, you can select whether you want to back up encrypted files. These backups may help if anything goes wrong during the decryption process. This option is turned on by default, which we recommend. After clicking “Decrypt”, the decryption process begins.
- Let the decryptor work and wait until it finishes.
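
For the Babuk case, the extension list above and the backup recommendation in the steps can be combined into an independent pre-decryption copy. The script below is an added example, not Avast's code and not part of the decryptor; the function names and the `MANIFEST.sha256` file name are assumptions chosen for illustration.

```python
import hashlib
import shutil
from pathlib import Path

# Extensions the article lists for files the Babuk decryptor can handle.
BABUK_EXTENSIONS = {".babuk", ".babyk", ".doydo"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large encrypted files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1024 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_encrypted_files(root: Path, backup_dir: Path) -> dict:
    """Copy every file under root that has a Babuk extension into backup_dir,
    keeping its relative path, and return {relative_path: sha256}."""
    root, backup_dir = root.resolve(), backup_dir.resolve()
    manifest = {}
    for path in sorted(root.rglob("*")):
        # Skip directories, symlinks, and anything already inside the backup.
        if path.is_symlink() or not path.is_file() or backup_dir in path.parents:
            continue
        if path.suffix.lower() not in BABUK_EXTENSIONS:
            continue
        relative = path.relative_to(root)
        target = backup_dir / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 also preserves timestamps
        source_hash = sha256_of(path)
        if sha256_of(target) != source_hash:
            raise OSError(f"backup copy of {relative} does not match source")
        manifest[relative.as_posix()] = source_hash
    # Store the manifest with the copies so the backup can be re-verified later.
    backup_dir.mkdir(parents=True, exist_ok=True)
    lines = [f"{digest}  {name}\n" for name, digest in manifest.items()]
    (backup_dir / "MANIFEST.sha256").write_text("".join(lines), encoding="utf-8")
    return manifest


if __name__ == "__main__":
    import sys
    found = backup_encrypted_files(Path(sys.argv[1]), Path(sys.argv[2]))
    print(f"backed up {len(found)} encrypted file(s)")
```

An empty manifest means no files with the three listed extensions were found under the chosen root.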
Let me remind you that we also wrote that during five years of operation, the No More Ransom project helped to save $900 million from ransomware.